Basics
Editor
This section describes commonly used terms and basic components of the TTModeler tool.
The desktop application has a menu at the top (No. 1), which is not available in the web version. However, File has basically the same options as the three-dots-menu next to Projects (No. 2). The Help menu equals to No. 3. The Side Bar (No. 4) is used for navigation and always visible. The top icons lead to the pages Home, Dashboard, Modeling, Risk, Mitigation, and Configuration. The user icon at the bottom, Account, is used for settings such as login, cookies, license, theme, language, and message notifications. The blue Status Bar at the bottom shows common information and can be used for quick actions. There is a log of system messages (No. 5), a quick link to project information (folder icon, No. 6), and the current open file (No. 7), which also to a file changes dialog. For projects, it is possible to encrypt the project with a password (No. 8). Icon No. 9 opens a notes dialog, allowing to take project-wide notes. It follows a series of buttons for Consistency Check, Save, Save as, Download, and Reload (No. 10). Icon No. 11 shows and opens the Progress Tracker.
Creating a Project
A new project can be created on the Home page. If several configurations are available, one must be selected first. After creating a project, users are fordwarded to the Modeling page, which is the main page of the tool.
Project Information
Meta Data
There are a few fields available for meta data, for instance, for project description and image.
There is also a version history, allowing to track changes in the project on a high level. Furthermore, it is possible to list all people participating in the analysis. An e-mail can be sent to all participants using the icon button above the list. If necessary, a list of workshops can be managed to highlight the progress.
Settings
There are a project-wide settings:
- Test cases: When this option is activated, test cases can be defined via Modeling > Test Cases. This feature may be useful if tests are carried out in parallel on a real system.
- Mapping threat actors for each attack scenario individually.
- Protection goals: Define the impact of assets and system threats separately for each protection goal
- Data sensitivity: Hide this property, as it is marked as deprecated. It is recommended to define the impact per protection goal.
- System threat impact: Hide this property, as it is marked as deprecated. It is recommended to define the impact per protection goal.
- File format: Save file in readable JSON format. However, this increases the file size.
- Skip project changes check: The change detection is currently time-consuming and can be deactivated to increase performance.
History
If the project is stored on a Git-based system, the commit history can be viewed. It is possible to load a former commit. This is not a Git-operation. To restore a former commit, the commit must be loaded and then saved.
Saving
There are multiple ways to save a project (see Editor image): via File (No. 1), Projects (No. 2), and Status Bar (No. 10). It is differentiated between Save, Save as, and Download. The resulting action depends on the used platform (web or desktop app) and login type (guest or git-based system), except the Download function, which always opens a download dialog. If Git is configured, saving to Git is preferred. If you still want to save locally, the download action must be executed the first time.
Progress Tracker
The tool was designed around methodology TTM (Thing Threat Modeling). A progress tracker is included for easy step-by-step application of the methodology. A more detailed introduction is provided on YouTube.